Status
Not open for further replies.

Spawn

Administrator
Verified
Staff member
Homepage: LG Product Security

Google+: Excited to see LG launch a new security site with security news and security…

Google started taking security updates much more seriously last year after the Stage Fright vulnerability hit. Samsung followed suit, and even launched a monthly security bulletin mirroring Google's. Now, LG has a security bulletin site where it will post updates on vulnerabilities.
Source: LG Now Has Its Own Security Bulletin Like Google And Samsung
LG Product Security Response Process
"When a security issue is reported with LG Products or services, the Product Security Response Team works with LG development teams to identify, investigate, mitigate and resolve the issue as quickly as possible.

LG also engages with partners, researchers, customers and other individuals to exchange information about potential threats and vulnerabilities. As new threats emerge, this information is shared among various product teams within LG to analyze and mitigate these threats and change or adjust our processes as necessary to enable strong security quality among our products and services."

The following is an overview of the product security issue lifecycle, disclosure and resolution process:

Discovery
  • LG PSRT becomes aware of a suspected vulnerability in its products or services.
  • If the suspected vulnerability is privately reported by a third party, the LG PSRT requests that the reporter maintain strict confidentiality until resolution(s) are available and have been published by LG PSRT, as appropriate with LG disclosure practices.
Investigation/Analysis
  • LG PSRT coordinates with the various relevant product teams for verification of the potential vulnerability. The product team(s) attempt to reproduce the reported issue to validate the vulnerability. The PSRT team, as necessary, may collaborate with the reporter to gather as much detail necessary to ensure appropriate remediation.
Mitigation
  • LG PSRT will work with the various product team(s) to coordinate efforts in resolving issues as quickly as is feasible based on the severity level of the vulnerability. Once all mitigation steps are applied and implemented, a fix will be made available for updates.
Notification
  • A notification to make the necessary updates or changes will be sent out to those parties impacted by the vulnerability reported. Best effort will be made for notification, as we understand that at times it may be difficult to identify all individuals or parties impacted.
LG Product Security Response Team: LG Response Process
 
Status
Not open for further replies.